Ramblings about security, rants about insecurity, occasional notes about reverse engineering, and of course, musings about malware. What more could you ask for?

Wednesday, February 22, 2017

Hacking the soda lobby - a few thoughts

I saw a wild story in the NYT about the use of restricted sale spyware to spy on proponents of the soda tax in Mexico. I regularly talk to clients at Rendition Infosec who say "We wouldn't be targeted, who would hack us?" I always respond that if you have something that lets you do business better than someone else, that data is valuable. And someone might target you to get it.

But it's not just intellectual property that directly supports business. If you are influencing public policy, you might also be targeted. There's obviously a lot of money involved in public policy. That's what seems to be happening in Mexico. Proponents of the soda tax have been exploited using malware that is supposedly only sold to governments.

There seem to be three possibilities here, all clearly disturbing. The first is that the proponents of the soda lobby are being hacked by a government using the government-only tools. The second possibility is that the government-only tools have been sold to a non-government customer. The third possibility is that the spyware really has only been sold to governments, but the tools were leaked or stolen by an outsider.

Can you really keep hacking tools private?
I'll leave the first two possibilities for your imagination. I'd like to look at the third possibility. If the tools were stolen or leaked, that would be extremely disturbing, but probably not unprecedented. There are certainly suspicions that Harold Martin, an NSA insider, was the source of the Shadow Brokers tool leaks. In the case of Shadow Brokers, there is believed to be only one source for the hacking tools (supposedly this is NSA). In the Mexico case, it isn't clear how many different governments have access to the commercial spyware. But understand that each legitimate customer of those tools is likely a nation-state hacking target. Think about that the next time you hear your government talking about public policy for its hacking tools, exploits, and backdoors. Or how about the FBI wanting backdoors to get into your iPhone? Given the Shadow Brokers leaks, losing any backdoor isn't outside the realm of possibilities. Given time and daylight, we may find that the source of the cyber attacks targeting the Mexican soda lobby was a government that legitimately purchased the tools, but fell victim to hacking itself.